Privacy Policy
Last updated: March 26, 2026
1. Introduction
Welcome to Striden. We respect your privacy and are committed to protecting your personal data. This privacy policy explains how we collect, use, disclose, and safeguard your information when you use our coaching and athlete management platform ("Service").
By using Striden, you consent to the data practices described in this policy. If you do not agree with the practices described here, please do not use the Service.
2. Information We Collect
2.1 Account Information
When you create an account, we collect:
- Name and email address
- Password (stored in hashed form; we never store plaintext passwords)
- Profile photo (if provided)
- Account information from third-party authentication providers (Google, Apple) if you choose to sign in with those services, including your name, email address, and profile photo
2.2 Athletic and Training Data
As a coaching platform, we collect training-related data including:
- Workout plans, training schedules, and completion status
- Performance metrics: pace, distance, duration, elevation, heart rate, cadence, power, and other exercise metrics
- Activity data synced from connected services (Garmin Connect, Strava, WHOOP, COROS), including GPS routes, activity streams, and device data
- Personal records, goals, and race results
- Coach-athlete communications and feedback
2.3 Health and Biometric Data
Through direct input or third-party integrations, we may collect health and biometric data including:
- Heart rate and heart rate variability (HRV)
- Sleep duration and sleep quality metrics
- Recovery scores and readiness data
- Body metrics (weight, body composition, if provided)
- Wellness self-assessments (mood, energy, soreness, fatigue)
This data is classified as sensitive personal information under certain privacy laws. We process this data solely to provide coaching and training features, and we do not sell this data to third parties.
2.4 Payment Information
When you subscribe to the Service or make payments for coaching services:
- Payment card details are collected and processed directly by Stripe. We do not store your full credit card number, CVV, or other sensitive payment details on our servers
- We store Stripe customer IDs, subscription status, and transaction history for billing management
- For coaches using Stripe Connect, we store connected account status, payout information, and business details
2.5 Identity Verification Data
If you are a coach and choose to verify your identity for the Verified badge:
- You will be asked to provide a government-issued photo ID and a selfie through Stripe Identity, our identity verification provider
- Stripe processes and stores the ID document and selfie according to Stripe's Privacy Policy
- Striden receives verification results (verified/failed status and verified name) but does not store copies of your ID document or selfie
- We store the verified name for comparison with your account name to detect mismatches
2.6 Automatically Collected Information
When you use our platform, we automatically collect:
- Device information (device type, operating system, browser)
- IP address
- Usage patterns and feature interactions
- Session data (stored in server-side sessions, not client-side cookies)
- Error logs and performance data
3. How We Use Your Information
We use the collected information to:
- Provide and maintain our coaching platform services, including workout planning, activity tracking, and coach-athlete communication
- Create and manage your account and organization membership
- Process transactions and send related billing information
- Enable coach-athlete relationships, including sharing training data, performance metrics, and health data between coaches and athletes within the same organization
- Sync and display data from connected fitness platforms (Garmin, Strava, WHOOP, COROS)
- Provide AI-powered features such as training analysis, workout suggestions, and performance insights (Premium subscribers only)
- Send administrative communications including account notifications, security alerts, and service updates
- Enable coaches to send email communications to their athletes, including email blasts and workout notifications
- Verify coach identity and display verification badges on public profiles
- Analyze usage patterns to improve our services
- Protect against fraudulent, unauthorized, or illegal activity
- Respond to inquiries and provide customer support
- Enforce our Terms of Service
4. Data Sharing and Disclosure
4.1 Within Your Organization
Training data, activity data, health metrics, and communications are shared between coaches and athletes within your organization as part of the core service functionality. Coaches in your organization can view your workout data, activity history, performance metrics, and wellness data.
4.2 Public Marketplace
If you are a coach who lists on the public marketplace, the following information is publicly visible: organization name, coach name, profile photo, bio, specialties, location, pricing plans, and verification status.
4.3 Service Providers (Sub-processors)
We share data with the following categories of service providers who assist in operating our platform:
- Stripe — Payment processing, subscription management, coach payouts (Stripe Connect), and identity verification (Stripe Identity)
- Resend — Transactional and notification email delivery
- Anthropic — AI-powered training analysis and insights (your training data is sent to Anthropic's API for processing when you use AI features)
- Upstash — Session caching and rate limiting (Redis)
- Cloud hosting provider — Application hosting and database infrastructure
These providers are contractually obligated to protect your data and may only use it to perform services on our behalf.
4.4 Third-Party Fitness Platforms
When you connect your Garmin, Strava, WHOOP, or COROS account:
- We access activity and health data according to the permissions you grant via OAuth
- Data flows from these platforms to Striden; we do not share your Striden data back to these platforms beyond what is required by their API terms
- You can disconnect these integrations at any time from your settings, which stops future data syncing (previously synced data remains in your account unless you request deletion)
- Each third-party platform has its own privacy policy governing its data practices
4.5 Legal Requirements
We may disclose your information when required to do so by law or in the good-faith belief that such action is necessary to: (a) comply with a legal obligation; (b) protect and defend our rights or property; (c) prevent or investigate possible wrongdoing; (d) protect the personal safety of users or the public; or (e) protect against legal liability.
4.6 Business Transfers
In the event of a merger, acquisition, reorganization, or sale of assets, your information may be transferred as part of that transaction. We will notify you via email and/or a prominent notice on the Service of any change in ownership or uses of your personal information.
4.7 No Sale of Personal Information
We do not sell your personal information to third parties. We do not share your personal information with third parties for their direct marketing purposes.
5. Cookies and Tracking Technologies
Striden uses the following types of cookies and similar technologies:
- Essential cookies: Required for authentication and core functionality. These include session cookies that maintain your login state. You cannot opt out of these cookies as the Service will not function without them.
- Functional cookies: Used to remember your preferences such as timezone, active organization, and display settings.
We do not use third-party advertising cookies or tracking pixels. We do not participate in cross-site behavioral advertising. You can manage cookies through your browser settings, but disabling essential cookies may prevent you from using the Service.
6. Data Security
We implement appropriate technical and organizational security measures to protect your personal information, including:
- Encryption of data in transit (TLS/HTTPS)
- Hashed password storage
- Server-side session management with secure, encrypted session tokens
- Rate limiting on sensitive operations (login attempts, AI features)
- Password breach checking against known compromised password databases
- Blocking of disposable email addresses for account creation
- Regular security reviews and updates
However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your personal information, we cannot guarantee its absolute security.
7. Data Retention
We retain your personal information as follows:
- Account data: Retained for as long as your account is active. Upon account deletion, data is permanently removed within 30 days, unless we are legally required to retain it.
- Training and activity data: Retained for as long as your account is active. Deleted workouts and activities are soft-deleted and can be recovered for a limited period before permanent deletion.
- Payment records: Retained as required by applicable tax and financial regulations (typically 7 years).
- Identity verification results: Verification status and verified name are retained for as long as the coach profile is active. ID documents and selfies are retained by Stripe in accordance with their retention policy.
- Server logs: Retained for up to 90 days for debugging and security purposes.
- Cached data (Redis): Session data, activity stream caches, and rate-limiting data are automatically purged based on configured TTLs (typically 1-24 hours).
8. Your Rights
Depending on your location, you may have the following rights regarding your personal data:
- Access: Request a copy of the personal data we hold about you
- Correction: Request correction of inaccurate or incomplete information
- Deletion: Request deletion of your personal data (subject to legal retention requirements)
- Restriction: Request that we restrict processing of your data in certain circumstances
- Portability: Request a machine-readable export of your data
- Objection: Object to processing of your data for certain purposes
- Withdraw consent: Withdraw consent at any time where we rely on consent as the legal basis for processing
To exercise any of these rights, please contact us at support@striden.app. We will respond to your request within 30 days (or sooner if required by applicable law).
9. California Privacy Rights (CCPA/CPRA)
If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA):
- Right to Know: You may request that we disclose what personal information we have collected about you, the sources, the purposes, and the third parties with whom we share it
- Right to Delete: You may request deletion of your personal information, subject to certain exceptions
- Right to Correct: You may request correction of inaccurate personal information
- Right to Opt-Out of Sale/Sharing: We do not sell or share your personal information as defined by the CCPA/CPRA
- Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights
- Right to Limit Use of Sensitive Personal Information: You may direct us to limit the use of sensitive personal information (including health data) to what is necessary to provide the Service
Categories of personal information we collect include: identifiers (name, email), commercial information (subscription and payment history), internet activity (usage data), and sensitive personal information (health and biometric data). We do not sell any of these categories of information.
To submit a request, email support@striden.app with the subject line "California Privacy Request." We may need to verify your identity before fulfilling your request.
10. European Economic Area (GDPR)
If you are in the European Economic Area (EEA), United Kingdom, or Switzerland, the following applies:
10.1 Legal Basis for Processing
We process your personal data under the following legal bases:
- Contract performance: Processing necessary to provide the Service you have requested (account management, training features, coach-athlete communication)
- Legitimate interests: Analytics, fraud prevention, security, and service improvement, where our interests do not override your rights
- Consent: Where you have given explicit consent, such as connecting third-party fitness accounts, opting into AI features, or participating in identity verification. You may withdraw consent at any time
- Legal obligation: Where we are required by law to process your data (e.g., tax and financial record-keeping)
10.2 International Data Transfers
Your data may be transferred to and processed in the United States and other countries where our service providers operate. We ensure appropriate safeguards are in place for such transfers, including Standard Contractual Clauses (SCCs) approved by the European Commission.
10.3 Data Protection Officer
For privacy-related inquiries, please contact us at support@striden.app. You also have the right to lodge a complaint with your local data protection authority if you believe your rights have been violated.
11. Coach Data Responsibilities
When coaches access athlete data through Striden, coaches act as independent data controllers for any use of that data outside of the platform. Coaches agree to:
- Only use athlete data for the purpose of providing coaching services
- Not export, copy, or transfer athlete data to unauthorized third parties
- Comply with applicable data protection laws when handling athlete information
- Promptly notify Striden if they become aware of any data breach affecting athlete data
12. Children's Privacy
Our services are not intended for individuals under the age of 13 (or 16 in certain jurisdictions). We do not knowingly collect personal information from children under these ages. If you are a parent or guardian and believe that your child has provided us with personal information, please contact us immediately. If we discover that we have collected personal information from a child in violation of applicable law, we will promptly delete that information.
13. Changes to This Policy
We may update this privacy policy from time to time. We will notify you of material changes at least 30 days in advance by posting the updated policy on this page, updating the "Last updated" date, and sending you an email notification. Your continued use of the Service after the effective date of the updated policy constitutes acceptance of the changes. We encourage you to review this policy periodically.
14. Contact Us
If you have questions about this privacy policy, our data practices, or wish to exercise your privacy rights, please contact us at:
Striden
Attn: Privacy
Email: support@striden.app